Azure AD Integration and SSO for Zero Trust Secure Access

Integrate with Azure AD to authenticate access attempts and take action on risky account activity.

Important:

You cannot configure single sign-on (SSO) from multiple IAMs. Ensure that you configure the necessary permissions and SSO on the IAM you want to use for Private Access and Internet Access authentication.

Operations Dashboard and Zero Trust Secure Access both require the data upload permission for certain features to function properly. Turning off the data upload permission may prevent secure access policy enforcement and risk analysis.

  1. Go to Zero Trust Secure Access > Secure Access Configuration > Identity and Access Management.
  2. Click Grant permissions next to Azure AD.

    A new browser tab opens to the Third-Party Integration > Azure AD screen.

  3. In Associated apps, select Zero Trust Secure Access.
  4. In the Zero Trust Secure Access row, click Grant permissions and follow the Azure AD onscreen instructions.
  5. Switch back to the Zero Trust Secure Access browser tab.
    Note:

    The status indicator icons show whether the granted permissions are full or partial. For more details about additional required permissions, hover over the tooltip icon.

    Now you can take direct action on risky accounts and authenticate Private Access and Internet Access rules.

  6. (Optional) To configure risk control rules, you must also grant data upload permission for Azure AD in Operations Dashboard > Data source.
    1. Go to the Operations Dashboard > Data source screen by clicking Data Source in the information that displays when you hover over the icon in the Data upload permission status column.
    2. In the Data Source panel, toggle on the Data upload permission control, and follow the Azure AD onscreen instructions.
    3. Switch back to the Zero Trust Secure Access browser tab.
  7. Configure your Azure AD SSO settings.